The enforcement logic configuration of the Security Gate service is part of the Airlock Anomaly Shield configuration. The Airlock Anomaly Shield machine learning service (ML-Service) is the active part in the computation of anomaly indicator values – the machine learning output. The Security Gate service requires additional configuration to act with exception and action handling based upon the machine learning model output.
- Session-based anomaly detection computes individual sessions.
- Virtual-session-based anomaly detection aggregates and computes incoming traffic from one IP address rather than from a specific session.
- Description:
- Calculated session anomaly indicator values are compared to the configured anomaly indicator thresholds.
- The resulting anomaly indicator pattern is applied against the configured enforcement rules.
- This determines which actions are to be executed.
- The configured exception rules define the exception and action handling e.g. by blocking a request.
- In this case, blocking the request has been originally triggered by an Airlock Anomaly Shield indicator value.
Enforcement is part of regular request processing in the Security Gate. The enforcement logic always uses the most recent available session anomaly indicator values to avoid latency issues.